On a recent ConfigMgr 2012 engagement, I was migrating a customer from standalone WSUS to CM12 Software Updates. They requested the ability to ‘bypass’ the steps required for downloading and distributing patches to the Distribution Points (but still wanted to approve the patches before deployment). To be clear, this is ONLY for adding patches into a package automatically. Other than for AV updates, it is never recommended to automatically approve and distribute patches.

Using CM12’s Automatic Deploy Rules (ADR), I was able to set up a process which would auto detect and distribute required patches to DPs within their organization so that they could rapidly deploy updates. To do this:

1. Create an “empty” collection that will NEVER contain any members.

2. If you do not have one already, create an “All Distribution Points” group with all DPs.

3. Create a new ADR in the console:

   - General page: add an appropriate name, target the EMPTY collection, add the patches to an existing Software Updates Group, and deselect “Enable this rule…”

   - Deployment Settings page: use defaults

   - Software Updates page: add filters for

     - Product (Win7, Win8, WinXP, etc.)

     - Required (>0)

     - Superseded (No)

     - Title (-“service pack”); the minus before the name excludes anything with that string in the title

   - Evaluation schedule page: run the rule after any Software Updates sync (if only doing once per day) or set it to run only overnight

   - Deployment schedule page: for safety, set both the availability and deadline for 12 months in advance

   - User Experience page: use defaults

   - Download Settings page: select both options to “Do not install”

   - Deployment Package page: create a new package or use an existing package

   - Distribution Points page: add your “All Distribution Points” group

   - Complete the remainder of the wizard with your desired patch download and language preferences

4. After completion of the ADR, run it to ensure that patches are downloaded.
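The same rule can be scripted with the ConfigurationManager PowerShell module. This is an added example, not part of the original post: the rule, collection and package names are placeholders, and passing the filter strings (`>0`, `-service pack`) in the form the console shows them, and mapping the cleared “Enable…” checkbox to `-EnabledAfterCreate $false`, are assumptions.

```powershell
# Added example. Assumes the ConfigurationManager module is imported and the
# current location is the site drive. All names are placeholders.
$adrName   = 'ADR - Stage Workstation Patches'   # hypothetical rule name
$emptyColl = 'SUM - Empty (no members)'          # hypothetical empty collection
$pkgName   = 'SUM - Workstation Patches'         # hypothetical, must already exist
$dpGroup   = 'All Distribution Points'

# Guard: the whole approach relies on the target collection having no members.
$coll = Get-CMDeviceCollection -Name $emptyColl
if (-not $coll) { throw "Collection '$emptyColl' not found." }
if ($coll.MemberCount -ne 0) {
    throw "Collection '$emptyColl' has $($coll.MemberCount) member(s); refusing to create the rule."
}

$adr = @{
    Name                             = $adrName
    CollectionName                   = $emptyColl
    DeploymentPackageName            = $pkgName
    AddToExistingSoftwareUpdateGroup = $true
    EnabledAfterCreate               = $false   # deployment stays disabled (assumed mapping)
    # Software Updates page filters
    Product                          = 'Windows 7', 'Windows 8', 'Windows XP'
    Required                         = '>0'             # assumed value format
    Superseded                       = $false
    Title                            = '-service pack'  # leading minus excludes matches
    # Evaluation schedule page
    RunType                          = 'RunTheRuleAfterAnySoftwareUpdatePointSynchronization'
    # Deployment schedule page: availability and deadline 12 months out
    AvailableImmediately             = $false
    AvailableTime                    = 12
    AvailableTimeUnit                = 'Months'
    DeadlineImmediately              = $false
    DeadlineTime                     = 12
    DeadlineTimeUnit                 = 'Months'
    # Download Settings page: both options set to "Do not install"
    NoInstallOnRemote                = $true
    NoInstallOnUnprotected           = $true
    DownloadFromMicrosoftUpdate      = $true
    LanguageSelection                = 'English'
}
New-CMSoftwareUpdateAutoDeploymentRule @adr

# Send the package to the DP group (skip if it is already distributed there).
Start-CMContentDistribution -DeploymentPackageName $pkgName -DistributionPointGroupName $dpGroup

# Run the rule once so the matching patches are downloaded into the package.
Invoke-CMSoftwareUpdateAutoDeploymentRule -Name $adrName
```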